Staff Email Hacked

Contributed by: Steve Welch, Canon for Communications

The malicious email ask you to open a document on the Adobe Acrobat Web site, which then asks you to fill in your email address and password. Do not provide this information!

Watch out for malicious emails seeming to come from accounts

“I am sending you out like sheep into the midst of wolves, so be wise as serpents and innocent as doves.”—Matthew 10:16

At least one diocesan email account has been accessed by malicious users to attempt to steal your email username and password.

The email (received from both users and outside users) include a link to a supposed secure Acrobat file called “Settlement Docs, Invoice & E_receipt.pdf.” If you click the link, it will take you to the real Adobe web site. But if you try to access the document on that site, it will redirect you to another web site pretending to be Microsoft Outlook online, asking for your username and password. If you submit this, the hackers now have access to your email.

If you have done this, immediately—right now—log into your email program and change your password. Seen above are screen shots of the malicious email process. First is the content of the email. Second is the warning from Adobe that you are about to go to another web site. Third is the fake Microsoft Outlook site asking for email address and password.

The rule of thumb always is that if something seems suspicious, be suspicious. And never provide sensitive information unless you have confirmed the legitimacy of the request. Look closely at the web address of the site you’re on. In this case, the site pretending to be Microsoft Outlook was actually “” Look for the telltale signs of fraud.

Learn more here.